Facebook Inc. said that fewer users than it initially thought were impacted by hackers in the largest-ever security breach at the social-media giant two weeks ago, reducing its estimate from 50 million users affected to 30 million.
In a blog post Friday, Facebook said the 30 million had their access tokens—digital keys that keep people logged into social-media site—stolen when hackers “exploited a vulnerability” in the company’s computer code between July 2017 and September 2018. Facebook discovered the attack Sept. 25.
“We now know that fewer people were impacted than we originally thought,” Guy Rosen, vice president of product management, said in the blog post.
In a call with reporters Friday, Mr. Rosen declined to say who might have been behind the attack, noting that the company is working with the Federal Bureau of Investigation and that the agency has asked Facebook not to discuss the identity of the perpetrators.
Facebook also declined to give a geographic breakdown of users who were affected.
It’s also unclear how the stolen data may have been used. Mr. Rosen said he has not seen any evidence of the data on the “dark web”—a network of websites used by hackers and others to share information—where stolen information often changes hands.
Facebook’s security breach comes as the social network is still trying to win back the trust of its 2 billion users after a series of missteps in the last year. Earlier this year, the company said the data of millions of users was improperly shared with Cambridge Analytica, an analytics firm with ties to President Donald Trump’s 2016 campaign.
(More to Come)
Write to Kirsten Grind at firstname.lastname@example.org